Finding Feature
Information

Your software release
may not support all the features documented in this module. For the latest
caveats and feature information, see Bug Search Tool and the release notes for
your platform and software release. To find information about the features
documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this
module.

Use Cisco Feature
Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to
http://www.cisco.com/go/cfn.
An account on Cisco.com is not required.

Prerequisites for IGMP State Limit

IP multicast is enabled and the Protocol Independent Multicast (PIM) interfaces are configured using the tasks described
in the "Configuring Basic IP Multicast" module of the
IP Multicast: PIM Configuration Guide.

ALL ACLs must be configured. For information, see the see the " Creating an IP Access List and Applying It to an Interface
" module of the
Security Configuration Guide: Access Control Lists guide.

Restrictions for IGMP State Limit

You can configure only one global limit per device and one limit per interface.

Information About IGMP State Limit

IGMP State Limit

The IGMP State Limit feature allows for the configuration of IGMP state limiters, which impose limits on mroute states resulting
from IGMP membership reports (IGMP joins) on a global or per interface basis. Membership reports exceeding the configured
limits are not entered into the IGMP cache. This feature can be used to prevent DoS attacks or to provide a multicast CAC
mechanism in network environments where all the multicast flows roughly utilize the same amount of bandwidth.

Note

IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URL Rendezvous Directory
(URD) membership reports on a global or per interface basis.

IGMP State Limit Feature Design

Configuring IGMP state limiters in global configuration mode specifies a global limit on the number of IGMP membership reports
that can be cached.

Configuring IGMP state limiters in interface configuration mode specifies a limit on the number of IGMP membership reports
on a per interface basis.

Use ACLs to prevent groups or channels from being counted against the interface limit. A standard or an extended ACL can be
specified. A standard ACL can be used to define the (*, G) state to be excluded from the limit on an interface. An extended
ACLs can be used to define the (S, G) state to be excluded from the limit on an interface. An extended ACL also can be used
to define the (*, G) state to be excluded from the limit on an interface, by specifying 0.0.0.0 for the source address and
source wildcard--referred to as (0, G)--in the permit or deny statements that compose the extended access list.

You can only configure one global limit per device and one limit per interface.

Mechanics of IGMP State Limiters

The mechanics of IGMP state limiters are as follows:

Each time a router receives an IGMP membership report for a particular group or channel, the Cisco IOS software checks to
see if either the limit for the global IGMP state limiter or the limit for the per interface IGMP state limiter has been reached.

If only a global IGMP state limiter has been configured and the limit has not been reached, IGMP membership reports are honored.
When the configured limit has been reached, subsequent IGMP membership reports are then ignored (dropped) and a warning message
in one of the following formats is generated:

If only per interface IGMP state limiters are configured, then each limit is only counted against the interface on which
it was configured.

If both a global IGMP state limiter and per interface IGMP state limiters are configured, the limits configured for the per
interface IGMP state limiters are still enforced but are constrained by the global limit.

Configuration examples for IGMP State Limit

Configuring IGMP State
Limiters Example

The following
example shows how to configure IGMP state limiters to provide multicast CAC in
a network environment where all the multicast flows roughly utilize the same
amount of bandwidth.

This example uses
the topology illustrated in the figure.

Figure 1. IGMP State Limit Example
Topology

In this example, a
service provider is offering 300 Standard Definition (SD) TV channels. Each SD
channel utilizes approximately 4 Mbps.

The service
provider must provision the Gigabit Ethernet interfaces on the PE router
connected to the Digital Subscriber Line Access Multiplexers (DSLAMs) as
follows: 50% of the link’s bandwidth (500 Mbps) must be available to
subscribers of the Internet, voice, and video on demand (VoD) service offerings
while the remaining 50% (500 Mbps) of the link’s bandwidth must be available to
subscribers of the SD channel offerings.

Because each SD
channel utilizes the same amount of bandwidth (4 Mbps), per interface IGMP
state limiters can be used to provide the necessary CAC to provision the
services being offered by the service provider. To determine the required CAC
needed per interface, the total number of channels is divided by 4 (because
each channel utilizes 4 Mbps of bandwidth). The required CAC needed per
interface, therefore, is as follows:

500Mbps / 4Mbps =
125 mroutes

Once the required
CAC is determined, the service provider uses the results to configure the per
IGMP state limiters required to provision the Gigabit Ethernet interfaces on
the PE router. Based on the network’s CAC requirements, the service provider
must limit the SD channels that can be transmitted out a Gigabit Ethernet
interface (at any given time) to 125. Configuring a per interface IGMP state
limit of 125 for the SD channels provisions the interface for 500 Mbps of
bandwidth, the 50% of the link’s bandwidth that must always be available (but
never exceeded) for the SD channel offerings.

The following
configuration shows how the service provider uses a per interface mroute state
limiter to provision interface Gigabit Ethernet 0/0/0 for the SD channels and
Internet, Voice, and VoD services being offered to subscribers:

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use
these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products
and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.